Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-0744Improper Input Validation in Apple Safari

CWE-20Improper Input Validation4 documents4 sources
Severity
5.0MEDIUMNVD
EPSS
5.7%
top 9.59%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Apple Safari
Timeline
PublishedFeb 27
Latest updateMay 2

Description

Apple Safari 4 Beta build 528.16 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a feeds: URI beginning with a (1) % (percent), (2) { (open curly bracket), (3) } (close curly bracket), (4) ^ (caret), (5) ` (backquote), or (6) | (pipe) character, followed by an & (ampersand) character.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDapple/safari4.0

🔴Vulnerability Details

1
GHSA
GHSA-72rg-w9mr-2x25: Apple Safari 4 Beta build 5282022-05-02

💥Exploits & PoCs

1
Exploit-DB
Apple Safari 4 - 'feeds:' URI Null Pointer Dereference Remote Denial of Service2009-02-25